After upgrading to WordPress 2.3 and trying to re-evaluate tag usage, I decided to re-visit an old pet-peeve of mine: The relatively massive (read: gi-normous) size of my wp_postmeta table. It was always the biggest table in my database (thanks to UTW), so whenever I was poking around in the database it caught my eye (it was over 5MB).

With WordPress 2.3 ‘tags’ are starting to be handled internally, and the need for UTW in it’s old form (rumor is it will be broken up into elements complementing WordPress’ new built-in tagging system) is no longer, so I got out the scissors and…

Taking a closer look, I had over 30,000 records in wp_postmeta that had a meta_key named _utw_tags_0. Amidst thoughts of how these records were somehow data-intercourse/sexing it up and reproducing like bunnies, I started warming up phpMyAdmin (does that behemoth take a while to start or what?).

Once phpMyAdmin was up, I selected my site’s database, then the wp_postmeta (the ‘wp_’ prefix is the default, if yours is different, adjust the SQL query appropriately) table from the list on the left side of the phpMyAdmin interface.

Once you have the wp_postmeta table in front of you, click on the SQL tab at the top of the page and you should end up on a page with a large text box and a query already started for you. Highlight that text and replace it with:

DELETE FROM `wp_postmeta` WHERE meta_key = '_utw_tags_0'

You will get some sort of “Are you sure you want to destroy Planet Earth” notice, click yes.

I still had about 10 records with a meta_key title of _utw_tags_ so I used the same steps as above and blasted them with:

DELETE FROM `wp_postmeta` WHERE meta_key = '_utw_tags_'

This brought my wp_postmeta table down from over 5MB to less then 22kB. Can you say: Wheeee?

I have been meaning to post a note about some of the recent changes here, but have been busier then a long-tailed cat in a room full of rocking chairs (been dying to use that phrase for some time ;’)…

I’ve adopted a new theme called nobus, designed by Dezzain Studio. The UI is not too simple, not too complex, not too dark. The header is a bit tall, but I want to live with it a bit before attempting changes (the height did allow me to pretty much cut-and-paste some of my code/hacks into the header to retain functionality I desired (translation service, RSS icon w/out scrolling down, my logo and some quotes). There is a big difference in typography, not just style, but size and spacing. Feedback is desired/welcome about these (and any other) changes.

Some minor changes in functionality, testing new plugins (not just new to me, but new to WP 2.3 and/or the ‘world’), carefully applying some AJAX (less then 2% of my visitors have JavaScript turned off, but I do keep an eye on this and try to use JS that will degrade/fall-back to HTML behavior/appearance.

Posted here about using Zazz Post ticker. I have been keeping an eye out for something with this functionality over the last year or so, and everything I researched/tried was either too clunky/ugly or required more time to integrate then I was willing to devote. This one dropped right in without a struggle and styled up quite easily with a few CSS additions.

Some other new plugin additions:

• DoFollow Using no-follow as a rule just doesn’t make sense any more, it should be the exception.
• Enforce www. Preference I dropped the www NOTE: This plugin is now redundant with 2.3.
• HeadSpace2 Experimenting with this meta-generator-on-steroids
• Link Indication If we are going to put the control/decision about how links/new-windows are handled into the users hands, let them make an informed decision?
• Nofollow reciprocity If I’m going to turn off no-follow, I expect you to, as well
• Shutter Reloaded With all the different javascript libraries and resultant conflicts my lightbox/slimbox scripts started acting whacky. Just dropped this in and I’m ok for now ;’)
• WP-Footnotes Because some of my posts just need footnotes.
• Secure and Accessible PHP Contact Form Fianlly broke down and decided to try/test a plugin form solution

Some folks email me now and then about the quotes in my header, so just as an FYI: I use Quality Quotes, and the thing I love the most about this ‘yet-another-random-quote’ plugin is that it goes out and gets 10 quotes each day and then cycles randomly through them on each page refresh. So instead of hitting/depending-on some outside resource every time a page is refreshed on my site it’s cached locally. Fast, lightweight and independent.

Closing with one of my favorite recent quotes:

We can lick gravity, but sometimes the paperwork is overwhelming.
- Wernher von Braun

There are some basic steps you can take to help limit your exposure to malicious behavior directed at your WordPress blog. My intention with this article is not to make your website bullet-proof (if such a thing exists) but to cover the most common exploits/weaknesses. File and directory permissions have been discussed elsewhere but I’ll post a reminder about the basic rule-of-thumb: Set files to 644 and directories to 755. If you have to use less secure settings (for /wp-content/uploads/ for example) you don’t have a good host.

Failure to do the following doesn’t mean your blog will be hacked, it just means it’s more likely. So here we go:
..Cover your privates (or: “Nice knickers there!”)…

1. Delete unnecessary files /wp-admin/install.php and /wp-admin/upgrade.php ((Once you are finished with the installation or upgrade these files will not be needed and they will be replaced with your next install/upgrade))
2. Delete default post and comment ((advertises “New Blog! Come SPAM me!”))
3. Make it harder to reveal your SQL login info and help prevent users browsing where they shouldn’t: In your root directory (where wp-config.php resides) make sure there is a .htaccess file containing the following ((Turns off ftp-style browsing;Only recognize index.php index.html as legitimate index files;Don’t allow ANY remote access to wp-config.php)):
   Options -Indexes
DirectoryIndex index.php index.html
Order Deny,Allow
Deny from all

4. Change permissions for wp-config.php to 600 (equivalent to rw——-) if possible ((One of the few exceptions to the standard 644 rule))
5. Prevent browsing of directories not covered by WordPress: Drop an empty (0-byte) file named index.html in /wp-content/plugins/ or /wp-content/uploads/ (for example) ((The reason we use .html instead of .php is in case PHP breaks on the server we’re still covered at the HTTP level))
6. For SPAM prevention, activate Akismet ((Akismet is great at weeding out spam comments)) (comes with WordPress) and install/activate Bad Behavior ((Bad Behavior stops a lot of spam/malicious-activity before it ever hits your site)) These two plugins are the minimum in spam prevention in my opinion, but feel free to experiment on your own.

Other considerations for security are your choice in a host. I recommend a professional:

As always: Feedback welcome!

I was thinking about a way to showcase older posts and happened across the Zazz Post Tickerplugin by Stew Houston.

I thought “Here we go, another chance for me to totally bork my blog with some unknown piece of code…” So I picked up the scissors and blah-blah-blah (you get the idea).

I took a quick look at the instructions (note that for historical purposes) and I didn’t see where I had to re-write my server’s kernel or edit core WordPress components and figured “wot the ‘ell”.

The good points: Easy to install, light-weight and does exactly what it’s supposed to do right out of the box (and that’s with WordPress 2.3-beta3). It’s easy to configure (though it does require editing the zazz-post-ticker.php file, it’s a simple, straight-forward edit), it doesn’t use tables (thank you, I’ve puked enough this week) and the CSS is not convoluted! It allows for changing the duration before fading, the number of posts and even allows for an offset (seems redundant to me to display post information that’s displayed an inch lower on the page so I liked this feature).

The bad point (singular, mind you): The javascript isn’t wrapped so it isn’t valid. But here’s a quick fix:

Open up zazz-post-ticker.php and go to line 30, it should look like this:
echo "<script type=\"text/javascript\">\n";

Create a new line under that one and insert:
echo "//<![CDATA[\n";

And right before line 139 which reads:
echo "</script>\n";

Add:
echo "//]]>\n";

Now you have a light-weight, easy to install/configure post ticker for WordPress that validates as well!

Feedback welcome.

Note: As of 10/29/08 it appears the author’s site is down, here is the v1.1 file: Zazz Post Ticker

Just released the new version (0.94) of the missunderstood theme. Some major changes, lots of clean-up, added functionality:

• Built-in Optimal Title (for SEO)
• Built-in slimbox (faster, lighter Lightbox effect)
• Separate lists for comments and trackbacks
• Fancier blockquotes
• Built-in pullquotes
• Prettier search box
• Code-block style with numbers and zebra striping

A lot of generous people have brought my attention to problems with the earlier releases of missunderstood, and I’ve tried to go through everything with a fine-tooth comb. I tested this version in FireFox, Internet Explorer 6 and 7 as well as Opera. It is valid XHTML strict when used in a modern browser (read: anything other then Internet Explorer and that’s only because M$ couldn’t give a damn ).

Original post with more info is here. See a live demo here. Missunderstood has a Support Forum, and it can be downloaded from the original post or directly from here.

Feedback always appreciated…

The info in this post is pretty old but I’m leaving it here for reference, regardless…

I wanted to add a forum to my WordPress blog but everything I came across did not integrate well (design/page continuity, etc.) or was too simple for my tastes… Then I came across a tutorial here (there are a few around, that’s just the one I tripped across). Following the tutorial I had a somewhat more integrated forum…
…where the blood-splatter of our butchery won’t stain anything…
With the lessons learned and the release of PunBB 1.2.15 I decided to see if I could do a better job. Since the first install/integration I had added a css-based navigation menu and some random quotes which did not display when my banner/header was displayed above the PunBB forum.

Annoyed, I picked up the scissors and started running….
Continue reading this post…

Version .95 is out now, with a lot of tweaks done over several months…

Incorporated some plugins into functions.php for convenience:

• Optimal Title
• Hot Dates
• removed ‘sociable’
• Slimbox

Added the Top Post functionality (for a full-width ‘featured’ post). Top Post takes the latest post in a category (category set in the themes options under Presentation), displays it at the top (full-width) and makes sure it is not repeated in either column below.

This theme comes with Slimbox, a lightweight/fast image display system like lightbox. It’s built into Corporate Slave, so there shouldn’t be any need for configuration. It’s automagical, works with any thumbnail-with-link-to-fullimage.

See it in action here.

Original post with much more information. Download there or directly from here: Corporate Slave Theme v0.95

Support Forum for the Corporate Slave Theme is here.

Since domains are often indexed differently (with and without the www prefix), I’m jumping on the no-www bandwagon. For more info visit

Ease of use with WordPress influenced me to use Mark Jaquith’s Enforce www. Preference plugin (which works for ‘enforcing’ either a www or no-www preference).

When I first started a WordPress blog I wanted to add some personal identification to the front page in an effort to promote validity/identity/what-evah. ‘Widgets’ were somewhat new to WP so I thought this was the approach for me. I ended up with a minor struggle using a text widget and got what I wanted.
…my head finally popped out of my sphincter and…
Then masochism got the better of me and in an attempt to self-flagellate I made an About Me widget. My approach was simple; Enter the URL of an image, a blurb about your self/site and a link or two. It worked simply too: On simply about 70% of themes/sites ;’) The problem was that a lot of themes do some pretty screwy stuff and some web hosts are picky about any file/image handling.

So I began a journey that started with meditation… Once I felt loose and unencumbered by the stress of day to day life I asked my Creator: “Are you familiar with WordPress?”
Continue reading this post…

I added a ‘Help Desk’ tech support ‘ticket’ system some time ago (Hesk v0.93.1) and wrote a tutorial for it here.

I don’t use it and haven’t had time to update to the latest version of Hesk (latest version of hesk doesn’t play well with my tutorial), and I may not update it, might even drop it. Seems the forums here are more effective, and my paying customers seem to “damn-sure” want to deal directly with me rather then some ticket system…

So, no new tutorial for Hesk integration…